eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.
Researchers at Zscaler have discovered nearly three million fake YouTube pages indexed by Google that lead to rogue anti-virus programs.
Zscaler found the pages by searching under “Hot Video” and a particular URL. Yandex, a Russian search engine, also returns numerous links to the pages as well, the researchers found.
“The fake Youtube video page is covered by an invisible Flash layer and the Flash object automatically redirects the user to a fake AV page,” blogged Julien Sobrier, senior security researcher at Zscaler. “If the user has Flash disabled, the page becomes harmless. The URL of the Flash file, hosted on a different domain, is obfuscated with Javascript.”
In addition to the huge numbers of pages indexed and the fact they show up in many search results, the pages and their malicious payloads are going virtually undetected, Sobrier wrote.
“This type of threat is different from the usual Blackhat spam SEO: the same content is shown to the user and to the search engine, therefore the page can be accessed directly, without clicking on search engine results,” he blogged.
Zscaler has added protection for its customers.